#SaferInternetDay – so let’s sign some things, like that new repository


It's Safer Internet Day today.

Part of being safe on the Internet is making sure you know what you are downloading, so let's make sure that the Wireshark repository you are downloading from contains what I published, and not files that someone else might have swapped in in the meantime.

We'll create some GPG keys to support them, using information from Linuxsysconfig, below the fold.

So here goes: first create a key, export the public key block, and import it into RPM.

gpg --gen-key
gpg --export -a publisher > RPM-GPG-KEY-publisher@1310nm.net
sudo cp RPM-GPG-KEY-publisher@1310nm.net /etc/pki/rpm-gpg/
sudo rpm --import RPM-GPG-KEY-publisher@1310nm.net

Now configure RPM so that it knows which key to sign with, then re-sign the built RPMs and update the repository metadata.

echo "%_signature gpg" > ~/.rpmmacros
echo "%_gpg_name publisher" >> ~/.rpmmacros
cd wireshark-2.2.4/packaging/rpm/RPMS/x86_64
rpm --resign *.rpm
createrepo --update .

Then enable the gpgcheck and gpgkey options in the repository file. This is now in Building a Wireshark for CentOS 7, so everything should be using the published key versions now.
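As an added example (not part of the original post), the script below audits a yum .repo file and reports any section that does not set gpgcheck=1 together with a gpgkey, run against an unsigned configuration and the corrected one. The repo id, baseurl and the function name audit_repo_file are constructed for illustration; only the key path comes from the commands above.

```shell
#!/bin/sh
# Added example: audit a yum .repo file for signature enforcement.
# Strict by design: only a literal gpgcheck=1 plus a gpgkey counts as enforced;
# an unset option is reported rather than assumed to inherit a global default.

# Prints "<section>: gpgcheck=<v> gpgkey=<v>" for each failing section.
# Returns 0 if every section enforces signatures, 1 otherwise.
audit_repo_file() {
    awk '
        function report() {
            if (sec == "") return
            if (chk == "1" && key != "") return
            printf "%s: gpgcheck=%s gpgkey=%s\n", sec,
                   (chk == "" ? "unset" : chk), (key == "" ? "unset" : key)
            bad = 1
        }
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t]+$/, "", line)
            return line
        }
        BEGIN { bad = 0 }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # new [section]
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
            chk = ""; key = ""; next
        }
        /^[ \t]*gpgcheck[ \t]*=/ { chk = value($0) }
        /^[ \t]*gpgkey[ \t]*=/   { key = value($0) }
        END { report(); exit bad }
    ' "$1"
}

# Constructed sample files: the weak setting beside the corrected one.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[wireshark-local]' 'name=Wireshark (constructed sample)' \
    'baseurl=http://repo.example.invalid/wireshark/' 'enabled=1' \
    'gpgcheck=0' > "$tmp/weak.repo"
printf '%s\n' '[wireshark-local]' 'name=Wireshark (constructed sample)' \
    'baseurl=http://repo.example.invalid/wireshark/' 'enabled=1' \
    'gpgcheck=1' \
    'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-publisher@1310nm.net' \
    > "$tmp/fixed.repo"

for f in "$tmp/weak.repo" "$tmp/fixed.repo"; do
    if audit_repo_file "$f"; then echo "PASS ${f##*/}"; else echo "FAIL ${f##*/}"; fi
done
```

On a client, `rpm -K` against a downloaded package is the matching per-file check that the signature verifies against the imported key.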

John Dixon

John Dixon is the Principal Consultant of thirteen-ten nanometre networks Ltd, based in Wiltshire, United Kingdom. He has a wide range of experience, (including, but not limited to) operating, designing and optimizing systems and networks for customers from global to domestic in scale. He has worked with many international brands to implement both data centres and wide-area networks across a range of industries. He is currently supporting a major SD-WAN vendor on the implementation of an environment supporting a major global fast-food chain.
